hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-21 19:26:31 +01:00
Code Issues Packages Projects Releases Wiki Activity
76,207 Commits 1,672 Branches 157 Tags
codeql-cli-2.20.5
Commit Graph

5479 Commits

Author SHA1 Message Date
Shyam Mehta
09ec37943c Partial Path Traversal split into 2 queries 2022-07-20 17:53:26 -04:00
smehta23
b7e522749f Apply suggestions from code review 
Co-authored-by: Chris Smowton <smowton@github.com>
Co-authored-by: Anders Schack-Mulligen <aschackmull@users.noreply.github.com>
 2022-07-20 15:32:59 -04:00
Asger F
b9bdee6651 Merge branch 'main' into post-release-prep/codeql-cli-2.10.1 2022-07-19 16:24:35 +02:00
Raul Garcia
eefa659503 Update java/ql/src/experimental/Security/CWE/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql 
Co-authored-by: yo-h <55373593+yo-h@users.noreply.github.com>
 2022-07-16 08:23:59 -07:00
Raul Garcia
fe789c8aa9 Update java/ql/src/experimental/Security/CWE/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql 
Co-authored-by: yo-h <55373593+yo-h@users.noreply.github.com>
 2022-07-16 08:22:18 -07:00
github-actions[bot]
0ee476129a Post-release preparation for codeql-cli-2.10.1 2022-07-14 14:38:49 +00:00
Erik Krogh Kristensen
85a652f3d1 remove a bunch of repeated words 2022-07-14 12:42:48 +02:00
Jeroen Ketema
fe1f1bb79d Fix issues with change notes 2022-07-14 11:06:14 +02:00
github-actions[bot]
d1aa0d7dd3 Release preparation for version 2.10.1 2022-07-14 08:56:03 +00:00
Chris Smowton
a6970638cb Improve description 2022-07-13 20:27:10 +01:00
Chris Smowton
01cec0490b Abbreviate qhelp 2022-07-13 20:24:44 +01:00
Erik Krogh Kristensen
a4262f8d91 add some more references to the overly-large-range qhelp 2022-07-13 11:20:24 +02:00
Raul Garcia
0dbb03f732 Adding CVE information. 2022-07-12 21:49:19 -07:00
Raul Garcia
a4adf06713 Addressing feedback for the qhelp file. 2022-07-12 13:51:12 -07:00
Raul Garcia
64343e00f4 Update java/ql/src/experimental/Security/CWE/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-07-12 08:14:25 -07:00
Raul Garcia
8a48708014 Update java/ql/src/experimental/Security/CWE/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-07-12 08:14:13 -07:00
Raul Garcia
2bac181094 Update java/ql/src/experimental/Security/CWE/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-07-12 08:13:53 -07:00
Raul Garcia
a4e35a97ea Update java/ql/src/experimental/Security/CWE/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-07-12 08:13:38 -07:00
Raul Garcia
a51d713925 Update java/ql/src/experimental/Security/CWE/CWE-327/Azure/UnsafeUsageOfClientSideEncryptionVersion.ql 
Co-authored-by: Chris Smowton <smowton@github.com>
 2022-07-12 08:13:12 -07:00
Erik Krogh Kristensen
220ff3cb2e convert tabs to spaces in qhelp 2022-07-12 16:02:50 +02:00
Erik Krogh Kristensen
ff25451699 rename query to overly-large-range, and rewrite the @description 2022-07-12 16:02:46 +02:00
Shyam Mehta
65b9947428 Incorporate jksco's feedback 2022-07-12 02:02:31 -04:00
smehta23
781a2a73d3 Merge branch 'main' into feat/SM/java_partial_path_traversal_vulnerability 2022-07-12 01:48:12 -04:00
Raul Garcia
d5791e2d56 Addressing feedback from the PR 2022-07-11 15:45:15 -07:00
Raul Garcia
ac05577966 Making various changes based on the feedback. Pending: 2 non-trivial fixes for Java & Python. 2022-07-11 13:25:35 -07:00
Chris Smowton
74641ccfee Simplify test for no-arg constructor 2022-07-11 11:01:19 +01:00
Raul Garcia
01da877d0e Moving the new query to experimental. It was added to the wrong folder initially. 2022-07-06 14:07:14 -07:00
Raul Garcia
f5c6b45014 Update UnsafeUsageOfClientSideEncryptionVersion.qhelp 2022-07-05 13:58:11 -07:00
Raul Garcia
e43e5810cf New queries to detect unsafe client side encryption in Azure Storage 2022-07-01 17:08:35 -07:00
Shyam Mehta
39f885413f Change log 2022-07-01 11:34:56 -04:00
smehta23
391dd5b38d Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversalGood.java 
Co-authored-by: Jonathan Leitschuh <jonathan.leitschuh@gmail.com>
 2022-07-01 10:55:58 -04:00
smehta23
ebe48ec30a Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.qhelp 
Co-authored-by: Jonathan Leitschuh <jonathan.leitschuh@gmail.com>
 2022-07-01 10:53:43 -04:00
smehta23
48e16e52b5 Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversal.qhelp 
Co-authored-by: Jonathan Leitschuh <jonathan.leitschuh@gmail.com>
 2022-07-01 10:52:41 -04:00
Shyam Mehta
1a41d4c379 Add CVE number 2022-07-01 10:51:33 -04:00
Shyam Mehta
300a14c35c Add ESAPI reference 2022-07-01 10:43:59 -04:00
smehta23
209a21655a Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversalGood.java 
Co-authored-by: Jonathan Leitschuh <jonathan.leitschuh@gmail.com>
 2022-07-01 10:40:38 -04:00
smehta23
c6f2f61bfb Update java/ql/src/Security/CWE/CWE-023/PartialPathTraversalBad.java 
Co-authored-by: Jonathan Leitschuh <jonathan.leitschuh@gmail.com>
 2022-07-01 10:39:46 -04:00
Shyam Mehta
16814071df Fix typo in .qhelp 2022-06-29 18:03:57 -04:00
Shyam Mehta
7ab8f0262c Fix duplicate class header and better fix using toPath() 2022-06-29 18:01:12 -04:00
Shyam Mehta
955e614563 Add documentation of the Partial Path Traversal vuln 2022-06-29 17:31:04 -04:00
Andrew Eisenberg
fbeecd6c08 Merge pull request #9744 from github/aeisenberg/move-contextual-queries 2022-06-29 11:44:33 -07:00
Andrew Eisenberg
ddf06f8617 Add change notes and qldoc for moved files 2022-06-29 10:03:12 -07:00
Andrew Eisenberg
a3f4d1bf66 Move contextual queries from src to lib 
With this change, users are now able to run View AST command in
vscode within vscode workspaces that do not include the core libraries.
The relevant core library only needs to be installed in the package
cache.
 2022-06-29 07:51:26 -07:00
Erik Krogh Kristensen
9ecc3a2671 filter out potential misparses from java/suspicious-regexp-range 2022-06-29 13:16:40 +02:00
Tony Torralba
12fa6967dc Merge pull request #8669 from joefarebrother/intent-verification 
Java: Add query for Improper Verification of Intent by Broadcast Receiver (CWE-925)
 2022-06-29 09:43:07 +02:00
Shyam Mehta
b5ca2c3d9d Add additional tests from real world query run 2022-06-28 17:32:20 -04:00
Shyam Mehta
7122f29296 Finish Partial Path Traversal Query 2022-06-28 15:02:06 -04:00
Shyam Mehta
4c7d476280 [JAVA] Partial Path Traversal Vuln Query 2022-06-28 13:52:41 -04:00
Erik Krogh Kristensen
a343ceaf8b add suspicious-regexp-range query 2022-06-28 09:49:27 +02:00
Asger F
cc57cb8af5 Merge branch 'main' into post-release-prep/codeql-cli-2.10.0 2022-06-27 20:37:25 +02:00